Usability Failures and Healthcare Data Hemorrhages
March/April 2011 (vol. 9 no. 2)
pp. 35-42
M. Eric Johnson, Dartmouth College
Nicholas D. Willey, Dartmouth College
Data leaks are often the result of usability failures. In healthcare, usability failures risk both patients' health and their identity. In this article, the authors analyze samples of medical-related files collected from peer-to-peer file-sharing networks. These leaked files contained significant protected health information and demonstrate the risk to patients and institutions. Through interviews and field research, they document how usability failures lead to such hemorrhages.

Index Terms:
Healthcare information, data leaks, usability
Citation:
M. Eric Johnson, Nicholas D. Willey, "Usability Failures and Healthcare Data Hemorrhages," IEEE Security and Privacy, vol. 9, no. 2, pp. 35-42, March-April 2011, doi:10.1109/MSP.2010.196